I used aircrack to capture a handshake of my network. I ran cap2hccapx to convert the file. I created a dictionary file with the password for the wifi. I ran hashcat64 -m 2500 -a 0 capture.hccapx dictionary.txt. Although I know the password is in the dictionary file, hashcat does not crack the password. I also ran a BF on the file, but it won't crack that way either.
What am I doing wrong?
To answer what went wrong, we must take a closer look into the cap file. Please attach the cap file (zip compressed) and, if possible, some information about the tool which did the capturing.
I used airodump-ng to capture the handshake along with the aireplay-ng -0 attack.
Ok. Now we must follow the path from the content of the cap file up to the conversion to hccapx format. Therefore we need the cap file.
Sorry, I thought I did that, but I didn't click the button. Here you go. I included the original cap file and the converted hccapx file.
Thanks. The cap file is ok and contains a complete handshake M1, M2, M3 and 4xM4 (zeroed SNONCE). cap2hccapx converted it correctly.
Additionally, the M1 contains a valid PMKID, and you can run hashcat -m 16800 against it.
The next step is to make sure OpenCL and/or CUDA isn't broken.
What GPU do you use? What driver is installed?
Also you can try the attached PMKID against your dictionary. Is the key recovered?
I have two AMD R9-290X installed in my system. I am using Windows 10. I do get an error that OPENCL kernel self-test failed. Since I am cracking other password hashes, I guess I ignorantly assumed it would be ok to run it anyway.
My driver version is from 7/30/19 26.20.13001.25001
Ok, let's see if you're up to it:
Please download the example 2500 hash from here:
https://hashcat.net/misc/example_hashes/hashcat.hccapx
Password: hashcat!
Copy the password to your wordlist and run hashcat against it.
Is the password recovered?
You can also test hash mode -m 16800 by running the wordlist against this PMKID:
2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*89acf0e761f4*ed487162465a774bfba60eb603a39f3a
Password: hashcat!
Is the password recovered, too?
Still no recovery. Should I be looking in the direction of a driver problem?
Here are the results:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-EAPOL-PBKDF2
Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50)
Time.Started.....: Tue Aug 27 10:57:25 2019 (2 secs)
Time.Estimated...: Tue Aug 27 10:57:27 2019 (0 secs)
Guess.Base.......: File (testpass.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 1 H/s (0.61ms) @ Accel:64 Loops:32 Thr:64 Vec:1
Speed.#2.........: 0 H/s (0.00ms) @ Accel:64 Loops:32 Thr:64 Vec:1
Speed.#*.........: 1 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 2/2 (100.00%)
Rejected.........: 1/2 (50.00%)
Restore.Point....: 0/2 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#2...: Salt:0 Amplifier:0-0 Iteration:0-32
Candidates.#1....: hashcat! -> hashcat!
Candidates.#2....: [Copying]
Hardware.Mon.#1..: Util: 9% Core:1050MHz Mem:1350MHz Bus:16
Hardware.Mon.#2..: Util: 0% Core:1000MHz Mem:1250MHz Bus:16
Yes. Your driver is broken.
hashcat (v5.1.0-1397-g7f4df9eb) starting...
Session..........: hashcat
Status...........: Cracked
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50)
Time.Started.....: Tue Aug 27 18:11:13 2019 (0 secs)
Time.Estimated...: Tue Aug 27 18:11:13 2019 (0 secs)
Guess.Mask.......: hashcat! [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 29 H/s (0.38ms) @ Accel:16 Loops:64 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: hashcat! -> hashcat!
Hardware.Mon.#1..: Temp: 58c Fan: 40% Util: 55% Core:1860MHz Mem:5005MHz Bus:16
aef50f22801c:987bdcf9f950:8381533406003807685881523:hashcat!
What is your hashcat version?
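A CPU-only reference check for the PMKID test vector posted above, as an added example that is not part of any post in this thread or of hashcat: it recomputes the PMKID with Python's hashlib, so a match here while the GPU run ends as Exhausted points at the OpenCL runtime rather than at the hash or the wordlist. The function names are illustrative.

```python
import hashlib
import hmac

# Test vector and password as posted in the thread (hashcat -m 16800 example).
EXAMPLE_16800 = ("2582a8281bf9d4308d6f5731d0e61c61*4604ba734d4e*"
                 "89acf0e761f4*ed487162465a774bfba60eb603a39f3a")
EXAMPLE_PASSWORD = "hashcat!"


def parse_16800(line):
    """Split a PMKID*MAC_AP*MAC_STA*ESSID(hex) line into raw byte fields."""
    fields = line.strip().split("*")
    if len(fields) != 4:
        raise ValueError("expected 4 '*'-separated hex fields")
    pmkid, mac_ap, mac_sta, essid = (bytes.fromhex(f) for f in fields)
    if len(pmkid) != 16 or len(mac_ap) != 6 or len(mac_sta) != 6:
        raise ValueError("bad PMKID or MAC length")
    if not 0 < len(essid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return pmkid, mac_ap, mac_sta, essid


def passphrase_ok(passphrase):
    """A WPA passphrase is 8..63 bytes; anything else cannot be the key."""
    return 8 <= len(passphrase.encode()) <= 63


def pmkid_matches(line, passphrase):
    """Recompute the PMKID on the CPU and compare it with the stored one."""
    if not passphrase_ok(passphrase):
        return False
    pmkid, mac_ap, mac_sta, essid = parse_16800(line)
    # PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes)
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)
    # PMKID = first 16 bytes of HMAC-SHA1(PMK, "PMK Name" | MAC_AP | MAC_STA)
    msg = b"PMK Name" + mac_ap + mac_sta
    calc = hmac.new(pmk, msg, hashlib.sha1).digest()[:16]
    return hmac.compare_digest(calc, pmkid)


if __name__ == "__main__":
    ok = pmkid_matches(EXAMPLE_16800, EXAMPLE_PASSWORD)
    print("CPU reference check:", "match" if ok else "MISMATCH")
```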